Update gomod and vendor

vendor/github.com/moby/buildkit/snapshot/containerd/content.go

@@ -0,0 +1,82 @@
+package containerd
+
+import (
+	"context"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/namespaces"
+	"github.com/opencontainers/go-digest"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
+func NewContentStore(store content.Store, ns string) content.Store {
+	return &nsContent{ns, store}
+}
+
+type nsContent struct {
+	ns string
+	content.Store
+}
+
+func (c *nsContent) Info(ctx context.Context, dgst digest.Digest) (content.Info, error) {
+	ctx = namespaces.WithNamespace(ctx, c.ns)
+	return c.Store.Info(ctx, dgst)
+}
+
+func (c *nsContent) Update(ctx context.Context, info content.Info, fieldpaths ...string) (content.Info, error) {
+	ctx = namespaces.WithNamespace(ctx, c.ns)
+	return c.Store.Update(ctx, info, fieldpaths...)
+}
+
+func (c *nsContent) Walk(ctx context.Context, fn content.WalkFunc, filters ...string) error {
+	ctx = namespaces.WithNamespace(ctx, c.ns)
+	return c.Store.Walk(ctx, fn, filters...)
+}
+
+func (c *nsContent) Delete(ctx context.Context, dgst digest.Digest) error {
+	return errors.Errorf("contentstore.Delete usage is forbidden")
+}
+
+func (c *nsContent) Status(ctx context.Context, ref string) (content.Status, error) {
+	ctx = namespaces.WithNamespace(ctx, c.ns)
+	return c.Store.Status(ctx, ref)
+}
+
+func (c *nsContent) ListStatuses(ctx context.Context, filters ...string) ([]content.Status, error) {
+	ctx = namespaces.WithNamespace(ctx, c.ns)
+	return c.Store.ListStatuses(ctx, filters...)
+}
+
+func (c *nsContent) Abort(ctx context.Context, ref string) error {
+	ctx = namespaces.WithNamespace(ctx, c.ns)
+	return c.Store.Abort(ctx, ref)
+}
+
+func (c *nsContent) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.ReaderAt, error) {
+	ctx = namespaces.WithNamespace(ctx, c.ns)
+	return c.Store.ReaderAt(ctx, desc)
+}
+
+func (c *nsContent) Writer(ctx context.Context, opts ...content.WriterOpt) (content.Writer, error) {
+	return c.writer(ctx, 3, opts...)
+}
+
+func (c *nsContent) writer(ctx context.Context, retries int, opts ...content.WriterOpt) (content.Writer, error) {
+	ctx = namespaces.WithNamespace(ctx, c.ns)
+	w, err := c.Store.Writer(ctx, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return &nsWriter{Writer: w, ns: c.ns}, nil
+}
+
+type nsWriter struct {
+	content.Writer
+	ns string
+}
+
+func (w *nsWriter) Commit(ctx context.Context, size int64, expected digest.Digest, opts ...content.Opt) error {
+	ctx = namespaces.WithNamespace(ctx, w.ns)
+	return w.Writer.Commit(ctx, size, expected, opts...)
+}

vendor/github.com/moby/buildkit/snapshot/containerd/snapshotter.go

@@ -0,0 +1,63 @@
+package containerd
+
+import (
+	"context"
+
+	"github.com/containerd/containerd/mount"
+	"github.com/containerd/containerd/namespaces"
+	"github.com/containerd/containerd/snapshots"
+	"github.com/docker/docker/pkg/idtools"
+	"github.com/moby/buildkit/snapshot"
+	"github.com/pkg/errors"
+)
+
+func NewSnapshotter(name string, snapshotter snapshots.Snapshotter, ns string, idmap *idtools.IdentityMapping) snapshot.Snapshotter {
+	return snapshot.FromContainerdSnapshotter(name, &nsSnapshotter{ns, snapshotter}, idmap)
+}
+
+func NSSnapshotter(ns string, snapshotter snapshots.Snapshotter) snapshots.Snapshotter {
+	return &nsSnapshotter{ns: ns, Snapshotter: snapshotter}
+}
+
+type nsSnapshotter struct {
+	ns string
+	snapshots.Snapshotter
+}
+
+func (s *nsSnapshotter) Stat(ctx context.Context, key string) (snapshots.Info, error) {
+	ctx = namespaces.WithNamespace(ctx, s.ns)
+	return s.Snapshotter.Stat(ctx, key)
+}
+
+func (s *nsSnapshotter) Update(ctx context.Context, info snapshots.Info, fieldpaths ...string) (snapshots.Info, error) {
+	ctx = namespaces.WithNamespace(ctx, s.ns)
+	return s.Snapshotter.Update(ctx, info, fieldpaths...)
+}
+
+func (s *nsSnapshotter) Usage(ctx context.Context, key string) (snapshots.Usage, error) {
+	ctx = namespaces.WithNamespace(ctx, s.ns)
+	return s.Snapshotter.Usage(ctx, key)
+}
+func (s *nsSnapshotter) Mounts(ctx context.Context, key string) ([]mount.Mount, error) {
+	ctx = namespaces.WithNamespace(ctx, s.ns)
+	return s.Snapshotter.Mounts(ctx, key)
+}
+func (s *nsSnapshotter) Prepare(ctx context.Context, key, parent string, opts ...snapshots.Opt) ([]mount.Mount, error) {
+	ctx = namespaces.WithNamespace(ctx, s.ns)
+	return s.Snapshotter.Prepare(ctx, key, parent, opts...)
+}
+func (s *nsSnapshotter) View(ctx context.Context, key, parent string, opts ...snapshots.Opt) ([]mount.Mount, error) {
+	ctx = namespaces.WithNamespace(ctx, s.ns)
+	return s.Snapshotter.View(ctx, key, parent, opts...)
+}
+func (s *nsSnapshotter) Commit(ctx context.Context, name, key string, opts ...snapshots.Opt) error {
+	ctx = namespaces.WithNamespace(ctx, s.ns)
+	return s.Snapshotter.Commit(ctx, name, key, opts...)
+}
+func (s *nsSnapshotter) Remove(ctx context.Context, key string) error {
+	return errors.Errorf("calling snapshotter.Remove is forbidden")
+}
+func (s *nsSnapshotter) Walk(ctx context.Context, fn snapshots.WalkFunc, filters ...string) error {
+	ctx = namespaces.WithNamespace(ctx, s.ns)
+	return s.Snapshotter.Walk(ctx, fn, filters...)
+}

vendor/github.com/moby/buildkit/snapshot/imagerefchecker/checker.go

@@ -0,0 +1,135 @@
+package imagerefchecker
+
+import (
+	"context"
+	"encoding/json"
+	"strings"
+	"sync"
+
+	"github.com/containerd/containerd/content"
+	"github.com/containerd/containerd/images"
+	"github.com/moby/buildkit/cache"
+	digest "github.com/opencontainers/go-digest"
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
+)
+
+const (
+	emptyGZLayer = digest.Digest("sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1")
+)
+
+type Opt struct {
+	ImageStore   images.Store
+	ContentStore content.Store
+}
+
+// New creates new image reference checker that can be used to see if a reference
+// is being used by any of the images in the image store
+func New(opt Opt) cache.ExternalRefCheckerFunc {
+	return func() (cache.ExternalRefChecker, error) {
+		return &Checker{opt: opt}, nil
+	}
+}
+
+type Checker struct {
+	opt    Opt
+	once   sync.Once
+	images map[string]struct{}
+	cache  map[string]bool
+}
+
+func (c *Checker) Exists(key string, blobs []digest.Digest) bool {
+	if c.opt.ImageStore == nil {
+		return false
+	}
+
+	c.once.Do(c.init)
+
+	if b, ok := c.cache[key]; ok {
+		return b
+	}
+
+	_, ok := c.images[layerKey(blobs)]
+	c.cache[key] = ok
+	return ok
+}
+
+func (c *Checker) init() {
+	c.images = map[string]struct{}{}
+	c.cache = map[string]bool{}
+
+	imgs, err := c.opt.ImageStore.List(context.TODO())
+	if err != nil {
+		return
+	}
+
+	var mu sync.Mutex
+
+	for _, img := range imgs {
+		if err := images.Dispatch(context.TODO(), images.Handlers(layersHandler(c.opt.ContentStore, func(layers []specs.Descriptor) {
+			mu.Lock()
+			c.registerLayers(layers)
+			mu.Unlock()
+		})), nil, img.Target); err != nil {
+			return
+		}
+	}
+}
+
+func (c *Checker) registerLayers(l []specs.Descriptor) {
+	if k := layerKey(toDigests(l)); k != "" {
+		c.images[k] = struct{}{}
+	}
+}
+
+func toDigests(layers []specs.Descriptor) []digest.Digest {
+	digests := make([]digest.Digest, len(layers))
+	for i, l := range layers {
+		digests[i] = l.Digest
+	}
+	return digests
+}
+
+func layerKey(layers []digest.Digest) string {
+	b := &strings.Builder{}
+	for _, l := range layers {
+		if l != emptyGZLayer {
+			b.Write([]byte(l))
+		}
+	}
+	return b.String()
+}
+
+func layersHandler(provider content.Provider, f func([]specs.Descriptor)) images.HandlerFunc {
+	return func(ctx context.Context, desc specs.Descriptor) ([]specs.Descriptor, error) {
+		switch desc.MediaType {
+		case images.MediaTypeDockerSchema2Manifest, specs.MediaTypeImageManifest:
+			p, err := content.ReadBlob(ctx, provider, desc)
+			if err != nil {
+				return nil, nil
+			}
+
+			var manifest specs.Manifest
+			if err := json.Unmarshal(p, &manifest); err != nil {
+				return nil, err
+			}
+
+			f(manifest.Layers)
+			return nil, nil
+		case images.MediaTypeDockerSchema2ManifestList, specs.MediaTypeImageIndex:
+			p, err := content.ReadBlob(ctx, provider, desc)
+			if err != nil {
+				return nil, nil
+			}
+
+			var index specs.Index
+			if err := json.Unmarshal(p, &index); err != nil {
+				return nil, err
+			}
+
+			return index.Manifests, nil
+		default:
+			return nil, errors.Errorf("encountered unknown type %v", desc.MediaType)
+		}
+	}
+}

vendor/github.com/moby/buildkit/snapshot/localmounter.go

@@ -0,0 +1,74 @@
+package snapshot
+
+import (
+	"io/ioutil"
+	"os"
+	"sync"
+
+	"github.com/containerd/containerd/mount"
+	"github.com/pkg/errors"
+)
+
+type Mounter interface {
+	Mount() (string, error)
+	Unmount() error
+}
+
+// LocalMounter is a helper for mounting mountfactory to temporary path. In
+// addition it can mount binds without privileges
+func LocalMounter(mountable Mountable) Mounter {
+	return &localMounter{mountable: mountable}
+}
+
+// LocalMounterWithMounts is a helper for mounting to temporary path. In
+// addition it can mount binds without privileges
+func LocalMounterWithMounts(mounts []mount.Mount) Mounter {
+	return &localMounter{mounts: mounts}
+}
+
+type localMounter struct {
+	mu        sync.Mutex
+	mounts    []mount.Mount
+	mountable Mountable
+	target    string
+	release   func() error
+}
+
+func (lm *localMounter) Mount() (string, error) {
+	lm.mu.Lock()
+	defer lm.mu.Unlock()
+
+	if lm.mounts == nil {
+		mounts, release, err := lm.mountable.Mount()
+		if err != nil {
+			return "", err
+		}
+		lm.mounts = mounts
+		lm.release = release
+	}
+
+	if len(lm.mounts) == 1 && (lm.mounts[0].Type == "bind" || lm.mounts[0].Type == "rbind") {
+		ro := false
+		for _, opt := range lm.mounts[0].Options {
+			if opt == "ro" {
+				ro = true
+				break
+			}
+		}
+		if !ro {
+			return lm.mounts[0].Source, nil
+		}
+	}
+
+	dir, err := ioutil.TempDir("", "buildkit-mount")
+	if err != nil {
+		return "", errors.Wrap(err, "failed to create temp dir")
+	}
+
+	if err := mount.All(lm.mounts, dir); err != nil {
+		os.RemoveAll(dir)
+		return "", errors.Wrapf(err, "failed to mount %s: %+v", dir, lm.mounts)
+	}
+	lm.target = dir
+	return dir, nil
+}

vendor/github.com/moby/buildkit/snapshot/localmounter_unix.go

@@ -0,0 +1,29 @@
+// +build !windows
+
+package snapshot
+
+import (
+	"os"
+	"syscall"
+
+	"github.com/containerd/containerd/mount"
+)
+
+func (lm *localMounter) Unmount() error {
+	lm.mu.Lock()
+	defer lm.mu.Unlock()
+
+	if lm.target != "" {
+		if err := mount.Unmount(lm.target, syscall.MNT_DETACH); err != nil {
+			return err
+		}
+		os.RemoveAll(lm.target)
+		lm.target = ""
+	}
+
+	if lm.release != nil {
+		return lm.release()
+	}
+
+	return nil
+}

vendor/github.com/moby/buildkit/snapshot/localmounter_windows.go

@@ -0,0 +1,26 @@
+package snapshot
+
+import (
+	"os"
+
+	"github.com/containerd/containerd/mount"
+)
+
+func (lm *localMounter) Unmount() error {
+	lm.mu.Lock()
+	defer lm.mu.Unlock()
+
+	if lm.target != "" {
+		if err := mount.Unmount(lm.target, 0); err != nil {
+			return err
+		}
+		os.RemoveAll(lm.target)
+		lm.target = ""
+	}
+
+	if lm.release != nil {
+		return lm.release()
+	}
+
+	return nil
+}

vendor/github.com/moby/buildkit/snapshot/snapshotter.go

@@ -0,0 +1,151 @@
+package snapshot
+
+import (
+	"context"
+	"os"
+	"sync"
+	"sync/atomic"
+
+	"github.com/containerd/containerd/mount"
+	"github.com/containerd/containerd/snapshots"
+	"github.com/docker/docker/pkg/idtools"
+)
+
+type Mountable interface {
+	// ID() string
+	Mount() ([]mount.Mount, func() error, error)
+	IdentityMapping() *idtools.IdentityMapping
+}
+
+// Snapshotter defines interface that any snapshot implementation should satisfy
+type Snapshotter interface {
+	Name() string
+	Mounts(ctx context.Context, key string) (Mountable, error)
+	Prepare(ctx context.Context, key, parent string, opts ...snapshots.Opt) error
+	View(ctx context.Context, key, parent string, opts ...snapshots.Opt) (Mountable, error)
+
+	Stat(ctx context.Context, key string) (snapshots.Info, error)
+	Update(ctx context.Context, info snapshots.Info, fieldpaths ...string) (snapshots.Info, error)
+	Usage(ctx context.Context, key string) (snapshots.Usage, error)
+	Commit(ctx context.Context, name, key string, opts ...snapshots.Opt) error
+	Remove(ctx context.Context, key string) error
+	Walk(ctx context.Context, fn snapshots.WalkFunc, filters ...string) error
+	Close() error
+	IdentityMapping() *idtools.IdentityMapping
+}
+
+func FromContainerdSnapshotter(name string, s snapshots.Snapshotter, idmap *idtools.IdentityMapping) Snapshotter {
+	return &fromContainerd{name: name, Snapshotter: s, idmap: idmap}
+}
+
+type fromContainerd struct {
+	name string
+	snapshots.Snapshotter
+	idmap *idtools.IdentityMapping
+}
+
+func (s *fromContainerd) Name() string {
+	return s.name
+}
+
+func (s *fromContainerd) Mounts(ctx context.Context, key string) (Mountable, error) {
+	mounts, err := s.Snapshotter.Mounts(ctx, key)
+	if err != nil {
+		return nil, err
+	}
+	return &staticMountable{mounts: mounts, idmap: s.idmap, id: key}, nil
+}
+func (s *fromContainerd) Prepare(ctx context.Context, key, parent string, opts ...snapshots.Opt) error {
+	_, err := s.Snapshotter.Prepare(ctx, key, parent, opts...)
+	return err
+}
+func (s *fromContainerd) View(ctx context.Context, key, parent string, opts ...snapshots.Opt) (Mountable, error) {
+	mounts, err := s.Snapshotter.View(ctx, key, parent, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return &staticMountable{mounts: mounts, idmap: s.idmap, id: key}, nil
+}
+func (s *fromContainerd) IdentityMapping() *idtools.IdentityMapping {
+	return s.idmap
+}
+
+type staticMountable struct {
+	count  int32
+	id     string
+	mounts []mount.Mount
+	idmap  *idtools.IdentityMapping
+}
+
+func (cm *staticMountable) Mount() ([]mount.Mount, func() error, error) {
+	atomic.AddInt32(&cm.count, 1)
+	return cm.mounts, func() error {
+		if atomic.AddInt32(&cm.count, -1) < 0 {
+			if v := os.Getenv("BUILDKIT_DEBUG_PANIC_ON_ERROR"); v == "1" {
+				panic("release of released mount " + cm.id)
+			}
+		}
+		return nil
+	}, nil
+}
+
+func (cm *staticMountable) IdentityMapping() *idtools.IdentityMapping {
+	return cm.idmap
+}
+
+// NewContainerdSnapshotter converts snapshotter to containerd snapshotter
+func NewContainerdSnapshotter(s Snapshotter) (snapshots.Snapshotter, func() error) {
+	cs := &containerdSnapshotter{Snapshotter: s}
+	return cs, cs.release
+}
+
+type containerdSnapshotter struct {
+	mu        sync.Mutex
+	releasers []func() error
+	Snapshotter
+}
+
+func (cs *containerdSnapshotter) release() error {
+	cs.mu.Lock()
+	defer cs.mu.Unlock()
+	var err error
+	for _, f := range cs.releasers {
+		if err1 := f(); err1 != nil && err == nil {
+			err = err1
+		}
+	}
+	return err
+}
+
+func (cs *containerdSnapshotter) returnMounts(mf Mountable) ([]mount.Mount, error) {
+	mounts, release, err := mf.Mount()
+	if err != nil {
+		return nil, err
+	}
+	cs.mu.Lock()
+	cs.releasers = append(cs.releasers, release)
+	cs.mu.Unlock()
+	return mounts, nil
+}
+
+func (cs *containerdSnapshotter) Mounts(ctx context.Context, key string) ([]mount.Mount, error) {
+	mf, err := cs.Snapshotter.Mounts(ctx, key)
+	if err != nil {
+		return nil, err
+	}
+	return cs.returnMounts(mf)
+}
+
+func (cs *containerdSnapshotter) Prepare(ctx context.Context, key, parent string, opts ...snapshots.Opt) ([]mount.Mount, error) {
+	if err := cs.Snapshotter.Prepare(ctx, key, parent, opts...); err != nil {
+		return nil, err
+	}
+	return cs.Mounts(ctx, key)
+}
+func (cs *containerdSnapshotter) View(ctx context.Context, key, parent string, opts ...snapshots.Opt) ([]mount.Mount, error) {
+	mf, err := cs.Snapshotter.View(ctx, key, parent, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return cs.returnMounts(mf)
+}